Use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in the mssql-jdbc project by Microsoft:
class SQLServerColumnEncryptionAzureKeyVaultProvider, method AzureKeyVaultWrap.
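/**
 * Wraps (encrypts) a plaintext Column Encryption Key with the Azure Key Vault key at
 * {@code masterKeyPath}.
 *
 * @param masterKeyPath
 *        Azure Key Vault key URL.
 * @param encryptionAlgorithm
 *        Key wrap algorithm to use; {@code null} falls back to {@code RSA_OAEP}.
 * @param columnEncryptionKey
 *        Plaintext Column Encryption Key.
 * @return the wrapped (encrypted) Column Encryption Key blob
 * @throws SQLServerException
 *         if {@code columnEncryptionKey} is null or the Key Vault client cannot be obtained
 */
private byte[] AzureKeyVaultWrap(String masterKeyPath, KeyWrapAlgorithm encryptionAlgorithm,
        byte[] columnEncryptionKey) throws SQLServerException {
    if (null == columnEncryptionKey) {
        throw new SQLServerException(SQLServerException.getErrString("R_CEKNull"), null);
    }
    // Honour the caller's algorithm instead of hard-coding RSA_OAEP, so wrap and unwrap (which
    // already uses encryptionAlgorithm) cannot silently disagree. Null keeps the old default.
    KeyWrapAlgorithm algorithm = (null != encryptionAlgorithm) ? encryptionAlgorithm : KeyWrapAlgorithm.RSA_OAEP;
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    WrapResult wrappedKey = cryptoClient.wrapKey(algorithm, columnEncryptionKey);
    return wrappedKey.getEncryptedKey();
}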
Use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in the mssql-jdbc project by Microsoft:
class SQLServerColumnEncryptionAzureKeyVaultProvider, method getCryptographyClient.
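/**
 * Returns the {@link CryptographyClient} for the Key Vault key at {@code masterKeyPath},
 * building and caching one on first use.
 *
 * NOTE(review): the cache is keyed by {@code masterKeyPath} and nothing visible here ever
 * evicts an entry, so a rotated key keeps using the client built for the version first seen —
 * confirm this matches the intended rotation behaviour.
 *
 * @param masterKeyPath
 *        Azure Key Vault key URL.
 * @return a cached or newly built client bound to the retrieved key's identifier
 * @throws SQLServerException
 *         if the key cannot be retrieved from Key Vault
 */
private CryptographyClient getCryptographyClient(String masterKeyPath) throws SQLServerException {
    // One lookup instead of containsKey()+get(): no second hash probe and no check-then-act
    // window between the two calls. Assumes the map never stores null values (the only writer
    // visible here stores the result of buildClient()).
    CryptographyClient cached = cachedCryptographyClients.get(masterKeyPath);
    if (null != cached) {
        return cached;
    }
    KeyVaultKey retrievedKey = getKeyVaultKey(masterKeyPath);
    // Authenticate with the explicit credential when one was supplied, otherwise reuse the
    // provider's pipeline.
    CryptographyClientBuilder builder = new CryptographyClientBuilder().keyIdentifier(retrievedKey.getId());
    if (null != credential) {
        builder = builder.credential(credential);
    } else {
        builder = builder.pipeline(keyVaultPipeline);
    }
    CryptographyClient cryptoClient = builder.buildClient();
    // Another caller may have populated the entry meanwhile; keep whichever client won.
    CryptographyClient existing = cachedCryptographyClients.putIfAbsent(masterKeyPath, cryptoClient);
    return (null != existing) ? existing : cryptoClient;
}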
Use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in the mssql-jdbc project by Microsoft:
class SQLServerColumnEncryptionAzureKeyVaultProvider, method AzureKeyVaultVerifySignature.
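/**
 * Verifies an RSA PKCS#1 v1.5 signature over {@code dataToVerify} (RS256, i.e. SHA-256) using
 * the Azure Key Vault key at {@code masterKeyPath}.
 *
 * @param dataToVerify
 *        Data (already hashed by the caller, per the RS256 contract) whose signature is checked.
 * @param signature
 *        Signature bytes to verify.
 * @param masterKeyPath
 *        Azure Key Vault key URL.
 * @return {@code true} if the signature is valid; {@code false} if it is not, or if either
 *         {@code dataToVerify} or {@code signature} is null or empty
 * @throws SQLServerException
 *         if the Key Vault client cannot be obtained
 */
private boolean AzureKeyVaultVerifySignature(byte[] dataToVerify, byte[] signature,
        String masterKeyPath) throws SQLServerException {
    // Explicit checks rather than assert: assertions are disabled by default, so a null or
    // empty input would otherwise reach the Key Vault call. Fail closed: treat it as invalid.
    if (null == dataToVerify || 0 == dataToVerify.length) {
        return false;
    }
    if (null == signature || 0 == signature.length) {
        return false;
    }
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    VerifyResult result = cryptoClient.verify(SignatureAlgorithm.RS256, dataToVerify, signature);
    return result.isValid();
}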
Use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in the mssql-jdbc project by Microsoft:
class SQLServerColumnEncryptionAzureKeyVaultProvider, method AzureKeyVaultUnWrap.
/**
 * Unwraps (decrypts) an encrypted Column Encryption Key with the Azure Key Vault key at
 * {@code masterKeyPath}.
 *
 * @param masterKeyPath
 *        Azure Key Vault key URL.
 * @param encryptionAlgorithm
 *        Key wrap algorithm the Column Encryption Key was wrapped with.
 * @param encryptedColumnEncryptionKey
 *        Encrypted Column Encryption Key.
 * @return the decrypted plaintext Column Encryption Key
 * @throws SQLServerException
 *         if the encrypted key is null or empty, or the Key Vault client cannot be obtained
 */
private byte[] AzureKeyVaultUnWrap(String masterKeyPath, KeyWrapAlgorithm encryptionAlgorithm,
        byte[] encryptedColumnEncryptionKey) throws SQLServerException {
    requireNonEmptyEncryptedCek(encryptedColumnEncryptionKey);
    UnwrapResult result = getCryptographyClient(masterKeyPath)
            .unwrapKey(encryptionAlgorithm, encryptedColumnEncryptionKey);
    return result.getKey();
}

/**
 * Rejects a null or empty encrypted Column Encryption Key with the driver's localized messages.
 *
 * @param encryptedColumnEncryptionKey
 *        Encrypted Column Encryption Key to validate.
 * @throws SQLServerException
 *         with {@code R_EncryptedCEKNull} for null input or {@code R_EmptyEncryptedCEK} for empty input
 */
private static void requireNonEmptyEncryptedCek(byte[] encryptedColumnEncryptionKey) throws SQLServerException {
    String errorKey = null;
    if (null == encryptedColumnEncryptionKey) {
        errorKey = "R_EncryptedCEKNull";
    } else if (0 == encryptedColumnEncryptionKey.length) {
        errorKey = "R_EmptyEncryptedCEK";
    }
    if (null != errorKey) {
        throw new SQLServerException(SQLServerException.getErrString(errorKey), null);
    }
}
Use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in the mssql-jdbc project by Microsoft:
class SQLServerColumnEncryptionAzureKeyVaultProvider, method AzureKeyVaultSignHashedData.
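/**
 * Signs {@code dataToSign} with the Azure Key Vault key at {@code masterKeyPath} using RSA
 * PKCS#1 v1.5 (RS256, i.e. SHA-256).
 *
 * @param dataToSign
 *        Data to sign (already hashed by the caller, per the RS256 contract).
 * @param masterKeyPath
 *        Azure Key Vault key URL.
 * @return the signature bytes
 * @throws SQLServerException
 *         if {@code dataToSign} is null or empty, or the Key Vault client cannot be obtained
 */
private byte[] AzureKeyVaultSignHashedData(byte[] dataToSign, String masterKeyPath) throws SQLServerException {
    // Explicit check rather than assert: assertions are disabled by default, so null or empty
    // input would otherwise be handed to Key Vault unchecked.
    if (null == dataToSign || 0 == dataToSign.length) {
        throw new SQLServerException("dataToSign must not be null or empty", null);
    }
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    SignResult signedData = cryptoClient.sign(SignatureAlgorithm.RS256, dataToSign);
    return signedData.getSignature();
}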